SYSTEM AND METHODS FOR ONE-TIME PASSWORD GENERATION ON A MOBILE COMPUTING DEVICE

US 20140365780A1
Filed: 06/03/2014
Published: 12/11/2014
Est. Priority Date: 06/07/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for a mobile computing device, comprising:

downloading a one-time password initializer from an authentication server, the one-time password initializer configured to generate a device-specific signature for the mobile computing device;

uploading the device-specific signature to the authentication server; and

downloading a device-specific configuration and one-time password generator from the authentication server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for a mobile computing device comprises downloading a one-time password initializer from an authentication server, the one-time password initializer configured to generate a device-specific signature for the mobile computing device; uploading a device-specific signature to the authentication server; and downloading a device-specific configuration and one-time password generator from the authentication server. In this way, both the mobile computing device and authentication server may independently generate equivalent one-time passwords based on unique information associated with the mobile computing device.

Citations

20 Claims

1. A method for a mobile computing device, comprising:
- downloading a one-time password initializer from an authentication server, the one-time password initializer configured to generate a device-specific signature for the mobile computing device;
  
  uploading the device-specific signature to the authentication server; and
  
  downloading a device-specific configuration and one-time password generator from the authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the one-time password initializer is further configured to:
    - extract unique information from the mobile computing device; and
      
      generate a device-specific signature for the mobile computing device based on the extracted unique information.
  - 3. The method of claim 1, further comprising:
    - encrypting the device-specific configuration with an encryption password.
  - 4. The method of claim 3, further comprising:
    - responsive to a request from a user for a one-time password, prompting the user to enter the encryption password; and
      
      responsive to receiving the encryption password, generating a one-time password.
  - 5. The method of claim 4, further comprising:
    - responsive to receiving an incorrect encryption password, deleting the device-specific configuration; and
      
      disabling the one-time password generator on the mobile computing device.
  - 6. The method of claim 5, where deleting the device-specific configuration responsive to receiving an incorrect encryption password further comprises:
    - deleting the device-specific configuration following receiving a threshold number of incorrect encryption passwords.
  - 7. The method of claim 1, where downloading a one-time password initializer from the authentication server further comprises:
    - responsive to a user request to initialize the mobile computing device as a one-time password generator, accessing the authentication server; and
      
      requesting a one-time password generator from the authentication server.

8. A method for a one-time password authentication server, comprising:
- responsive to a request to initialize a mobile computing device as a one-time password generator, downloading a one-time password initializer to the mobile computing device;
  
  receiving a device-specific signature for the mobile computing device from the one-time password initializer;
  
  generating a device-specific configuration and one-time password generator based on the device-specific signature;
  
  downloading the device-specific configuration and one-time password generator to the mobile computing device; and
  
  storing the device-specific configuration at the one-time password authentication server.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - receiving a request for authentication, the request for authentication indicating a one-time password and an associated mobile computing device;
      
      retrieving the device-specific configuration for the associated mobile computing device;
      
      generating a one-time password at the one-time password authentication server based on the device-specific configuration;
      
      comparing the one-time password generated at the one-time password authentication server to the one-time password indicated by the request for authentication; and
      
      indicating authentication if the one-time password generated at the one-time password authentication server matches the one-time password indicated by the request for authentication.
  - 10. The method of claim 9, further comprising:
    - responsive to the one-time password generated at the one-time password authentication server not matching the one-time password indicated by the request for authentication, generating a subsequent one-time password based on the device-specific configuration; and
      
      indicating authentication if the subsequent one-time password generated at the one-time password authentication server matches the one-time password indicated by the request for authentication.
  - 11. The method claim 10, further comprising:
    - responsive to the subsequent one-time password time password generated at the one-time password authentication server not matching the one-time password indicated by the request for authentication, indicating a failed verification if a number of subsequent one-time passwords generated is greater than a threshold.
  - 12. The method of claim 8, further comprising:
    - decoupling the initialized mobile computing device responsive to a user request; and
      
      thenresponsive to a user attempting to generate a one-time password on the decoupled mobile computing device, issuing a command to the one-time password generator to delete the device-specific configuration at the mobile computing device.
  - 13. The method of claim 12, where decoupling the initialized mobile computing device further comprises:
    - deleting the device-specific configuration associated with the initialized mobile computing device from the one-time password authentication server.
  - 14. The method of claim 8, further comprising:
    - storing the device-specific signature for the mobile computing device at the one-time password authentication server.
  - 15. The method of claim 9, where receiving a request for authentication further comprises:
    - receiving a request for authentication from a third-party server.

16. A system for utilizing a mobile computing device as a one-time password generator, comprising:
- an authentication server configured to download a one-time password initializer to the mobile computing device, the one-time password initializer configured to;
  
  extract unique information from the mobile computing device;
  
  generate a device-specific signature based on the extracted unique information; and
  
  upload the device-specific signature to the authentication server.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, where the authentication server is further configured to:
    - store the device-specific signature;
      
      generate a device-specific configuration and one-time password generator based on the device-specific signature; and
      
      download the device-specific configuration and one-time password generator to the mobile computing device.
  - 18. The system of claim 17, where the one-time password generator is configured to:
    - generate a unique one-time password based on the device-specific signature responsive to a user request for a one-time password.
  - 19. The system of claim 18, where the authentication server is further configured to:
    - receive a request for authentication from a third-party server, the request for authentication indicating a submitted one-time password and an associated mobile computing device.retrieve the device-specific configuration for the associated mobile computing device;
      
      generate a one-time password at the authentication server based on the device-specific configuration;
      
      compare the one-time password generated at the authentication server to the one-time password indicated by the request for authentication; and
      
      indicating authentication if the one-time password generated at the authentication server matches the one-time password indicated by the request for authentication.
  - 20. The system of claim 19, where the authentication server and the one-time password generator stored on the mobile computing device are each configured to generate a plurality of one-time passwords based on the device-specific configuration, the plurality of one-time passwords generated in a same order at the authentication server and the mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Safa Movassaghi
Original Assignee
Safa Movassaghi
Inventors
Movassaghi, Safa

Application Number

US14/295,187
Publication Number

US 20140365780A1
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 67/34   involving the movement of s...

H04L 9/0861   Generation of secret inform...

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

H04W 12/068   using credential vaults, e....

H04W 4/50   Service provisioning or rec...

SYSTEM AND METHODS FOR ONE-TIME PASSWORD GENERATION ON A MOBILE COMPUTING DEVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHODS FOR ONE-TIME PASSWORD GENERATION ON A MOBILE COMPUTING DEVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links